While gender is far from the only social component of cybersecurity, it is a key factor in understanding why cybersecurity approaches work for some and not others.
Cybersecurity is social as well as technical. While cybersecurity at its core concerns the protection of information and communications technology (ICT) devices, networks and systems, it is also about keeping ICT users safe in cyberspace from cybercrimes, data and privacy violations, harmful and abusive content, and the plethora of risks that have emerged as the world has digitally transformed.
This means that cybersecurity needs to be approached in a broad, human-centred, way. Rather than starting from a particular notion of what counts as a cyberattack or threat, and defining cybersecurity as the practice of defending against that attack or threat, cybersecurity should start with the question of what is required to make people safe, and feel that they are safe, in their digital interactions and lives. Other work has laid out arguments for a broader approach to cybersecurity – in general, and specifically from a gender perspective. This paper builds on those arguments and explores some of the many overlaps between technical cybersecurity and cybersecurity more broadly.
Moreover, cybersecurity does not stay online: it has offline or physical elements and consequences, affecting states, organizations and individuals. Cyber insecurity poses reputational risks, has financial consequences and implications, and can threaten livelihoods, violate human rights and endanger critical infrastructure. And it leads to cyber harms – the latter defined as effects that originate from or are exacerbated in cyberspace, causing ‘the diminishing, damage, or destruction of areas of human value, especially the body, affective life, and community’.
Cyber harms – and the digital vulnerabilities and risks that perpetuate these harms – differ based on an individual’s gender and other intersecting identities. Such gendered differences affect the way cybersecurity, understood broadly, is perceived, experienced and delivered.
Understanding of gendered cyber harms has advanced significantly in recent years. Research in this area has identified three main kinds of gendered cyber harm: hate speech (often via online harassment and abuse) and other content-based harms such as disinformation; data breach (privacy violations through hacking or leaking personal or sensitive data); and state overreach (e.g. cybercrime legislation reinforcing discriminatory gender norms).
Cybersecurity does not stay online: it has offline or physical elements and consequences, affecting states, organizations and individuals.
So far, both research and policy have tended to consider these three kinds of gendered cyber harms separately. Furthermore, these harms may not even be considered gendered cyber harms under a narrow definition of cybersecurity. This approach has allowed each type of gendered harm to be addressed specifically and appropriately, but the separation overlooks how each kind of gendered harm may interact with the others, and how they can be mutually reinforcing; for example, how gendered abuse on social media platforms may make an individual a target for hacks and leaks, and may even lead to prosecution of the victim under cybercrime laws. This research paper therefore considers the connections between different kinds of gendered cyber harm, how thinking about these harms in a more holistic way can help mitigate them, and what states can and should do to address them.
The paper argues that gendered cyber harms are cascading and compounding. They are cascading because one form of gendered cyber harm leads to another. They are compounding because such cascades increase the impact on the individual or individuals. In short, harms give rise to deeper harms. Understanding gendered cyber harms as cascading and compounding allows for a more comprehensive appreciation of how offline and online gender harms interact, intersect and reinforce one another. This understanding broadens the landscape of responsibility for designing, delivering and assessing cybersecurity, contributing to better policymaking that views gendered cyber harms as part of a broader security challenge.
The next chapter briefly introduces the concept of gender and its relevance to international cybersecurity. Chapter 3 then reviews the literature on the three kinds of gendered cyber harm. Chapter 4 connects these three kinds of harm through illustrative examples of cascading and compounding gendered cyber harms, drawn from a range of political and social contexts worldwide. The concluding chapter includes a set of policy recommendations intended to encourage gender-sensitive and gender-transformative (i.e. challenging harmful gender norms, roles and realities) policy and governance responses to cyber insecurity.